cbcvebase.
CVE-2024-5710
published 2024-06-27

CVE-2024-5710: berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform…

PriorityP338medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
EPSS
0.41%
32.4th percentile
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.

Affected

3 ranges
VendorProductVersion rangeFixed in
berriaiberriai_litellmunspecified – latest
litellmlitellm
litellmlitellm>= 0 < 1.40.151.40.15

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.